Hi All,
Am I using mod_rewrite correctly ?
Or should I be pursuing some other solution ?
* I'd like to provide basic authentication/access control to static pages/files in apache.
* Currently our security/users/ACL etc. are all managed by an application in WebSphere/DB2. I don't want to duplicate all this information for Apache -- though eventually we will move to LDAP and one central store.
** My hope is to use mod_rewrite (for the short-term to):
1) redirect all URL requests for a certain directory to a servlet; with the original requested url now appended as a parameter to the servlet:
http://myservlet/?url=http://myOrigURL
2) the servlet checks if the user is logged in (websphere login) -- if not they are redirected to the right forms etc.etc. if successful -- the user is then redirected (response.sendRedirect()) back to the original URL they requested.
3) I figured I could use a condition:
RewriteCond %{REMOTE_ADDR} !localHost
To make sure I'm NOT trapped into an endless URL redirect situation.
However, my servlet response.sendRedirect preserves the original "requesters" IP -- so I can't tell if the request is coming from:
a) my servlet using a redirect or
b) directly from an unauthenticated client ?
Servlet - "forward" commands can only forward within the context of the servlet container (i.e. cannot forward to an external URL)
My Question:
** Can mod_rewrite work in this situation -- or am I wasting time ??
** Is there some kind of production worthy apache module (currently looking at mod_auth_any) that can help me delegate apache authentication to existing servlet code I have ??
Hope someone can help me out.
Please see rewrite rules I'm using below....
Thanks
Frank
From....MyMOD_REWRITE.conf:
RewriteEngine on
RewriteLog "D:\WebSphere\HTTPServer\logs\rewrite.log"
RewriteLogLevel 4
RewriteCond %{REMOTE_ADDR} !httpServerHost [OR]
RewriteCond %{REMOTE_ADDR} !xxx.xxx.xxx.xxx
RewriteRule ^(.*)/download/(.*) http://host/webapp/servlet/forceLoginDirect?urlKey=%{REQUEST_URI}
##NOTE: Tried appending -- but don't really grok the following:
##[R] and [R,L]
##[PT] and [PT,L]
##[P] and [P,L]
## Still URL loops endlessly on redirect from sevlet because
##%{REMOTE_ADDR} does not become httpServerHost IP on redirect.
--------------------------
Note: These rules are specifed at the server level (i.e. NOT directory level)
But they are within context of a VirtualHost:
From....httpd.conf:
<VirtualHost xxx.xxx.xxx.xxx>
ServerName www.ourdomain.com
Include E:\WebSphere\HTTPServer\conf\MyRewrite.conf
Alias /doc "E:\WebSphere\App/web/doc"
etc.etc.
</VirtualHost>
I'd be eternally gratefull for ANY feedback/thoughts.....
fmisa@sympatico.ca
Hope to hear from someone soon.....
Thanks